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Introduction 


The Citizens Advice service provides free, independent, confidential and impartial 
advice to everyone on their rights and responsibilities. It values diversity, promotes 
equality and challenges discrimination. Since 1 April 2014, the Citizens Advice 
service took on the powers of Consumer Futures to become the statutory 
representative for energy consumers across Great Britain. 


The service aims: 


e To provide the advice people need for the problems they face 
e To improve the policies and practices that affect people's lives. 


The Citizens Advice service is a network of nearly 300 independent advice centres 
that provide free, impartial advice from more than 2,900 locations in England and 
Wales, including GPs’ surgeries, hospitals, community centres, county courts and 
magistrates courts, and mobile services both in rural areas and to serve particular 
dispersed groups. There are 23,000 trained, trusted and knowledgeable volunteers 
across England and Wales. In 2015/16, Citizens Advice service advised 2.7 million 
people on 6.2 million problems, with 36 million visits to their website. 


Since April 2012 we have also operated the Citizens Advice Consumer Service, 
formerly run as Consumer Direct by the Office for Fair Trading (OFT). This 
telephone helpline covers Great Britain and provides free, confidential and 
impartial advice on all consumer issues. 


In the last four quarters Local Citizens Advice have dealt with 84,000 enquiries 
about fuel debt, while hits to the energy section of our website doubled in October 
and November, the period during which suppliers announced their price increases 
last year. Calls to the Citizens Advice Consumer Helpline seeking advice about 
energy doubled in the same period. 


Response 


Question 1: Do you agree that API access for TPIs should be 
available on an ‘access by default’ basis? Do you have any evidence 
that such an approach could cause customer detriment? If so, 


please provide details. 

The principle of implementing ‘access by default’ is a sound one, as the consultation 
document notes such an approach will help prevent energy suppliers from 
becoming gatekeepers to which services consumers can use with their data. The 
assumption that it is consumers who have clear control over whom they share their 
data with should be at the heart of the MiData programme and this step helps 
ensure it. Suppliers certainly should not be put in a position where they can exclude 
services that might benefit a consumer but not them - for example services that 
allow a consumer to more easily switch away from a supplier - either by ‘going slow’ 
with data transfers or by instituting charges or other obstacles to TPI access to 
consumer data. 


There are risks to this approach that must be addressed, The consultation 
document makes no mention of encrypted security tokens to confirm consumer 
consent for TPI data access, though there are references to the use of online 
accounts to verify a consumer's identity. Previous work on MiData had identified 
security tokens as a reliable method to ensure that only companies with a 
consumer's informed consent can access data from a supplier. The proposals laid 
out in this consultation document risk taking a backward step from past decisions 
with regard to consent-check mechanisms which should be avoided. The exact 
methodologies by which consumer consent will be communicated will have to be 
laid out before steps are taken to implement API access on a default basis. 


Consumers will only engage with services they trust so a robust system must be put 
in place to reliably record a consumer's consent and the details of that consent. To 
do otherwise risks a world in which liability becomes unclear, where suppliers can 
argue that they are obligated to share by default, only reacting if a TPI is under 
investigation by the ICO or where an energy supplier “suspects” data protection 
laws are being broken. The latter of these two criteria is vague as stated and risks 
both suppliers not taking action due to the difficulty of defining a valid level of 
“suspicion” or using a stated suspicion to block access from legitimate services that 
the supplier simply doesn’t want consumers to use as has happened in other 
industries. 


Question 2: Do you agree that Government should provide energy 
suppliers some flexibility about how to apply conditions on 
authorising access to customer's data? If you do not agree, please 


give reasons and suggest an alternative proposal. 

The proposed approach to provide flexibility is reasonable but some robust 
principles will need to be laid out for energy suppliers to prevent potential abuses 
or lack of action where consumer data are at risk detailed in our response to 
question 1. At its heart this principle should ensure that suppliers can’t use this 
flexibility to penalise services they don’t want consumers to use rather than 
services that may represent a risk to consumers. 


Question 3: Do you agree that customers should have the choice 
between providing consent to a third party to access their Midata 


ona one off, time-limited basis and annual or ongoing basis? 

Yes, this is a sensible approach, we would also add that the rollout of Smart Meters 
will introduce a further question of detail of data. That is, with regard to meter 
reads, frequency of data from monthly to near-real-time. This is an area where the 
Smart Metering Privacy Framework should be consulted to ensure consistency of 
approach. Given the direction of travel for the wider energy market the MiData 
programme should ensure that these future data questions are aligned with the 
protections and principles in the Smart Metering Data Privacy Framework. 


Again a key caveat to this model will be instituting a robust system to ensure that a 
supplier is able to verify that a TPI has a consumer's consent to collect their data. 


Question 4: Do you agree that for one off access 30 minutes is an 


appropriate consent period? Please provide details. 
Yes, subject to the aforementioned implementation of a robust consent-checking 
mechanism. 


Question 5: Do you think that longer access periods should be for 
one year or ongoing subject to customers opting out? Please 


provide details 

While ongoing or longer-term access should certainly be available this should be 
provided on an opt-in rather than opt-out basis. Any service that is seeking to 
provide a consumer with a service should be clearly explaining what their service is, 
what it does, how it will work and therefore what level of data access it will require 
to offer different functionality. Any TPI expecting to engage consumers will have 
made this communication clear and if their product is appealing then consumers 


are likely to opt-in with a clear understanding of what they have signed up for, and 
that they can opt-out at any time. 


An opt-out approach risks TPIs always requesting ongoing access by default even 
where the product they offer does not justify this. Consumers should have both 
transparency and control' over how their data is used and should not feel that 
things are being “done to” them - an opt-in approach would help ensure this. 


The other clear benefit of an opt-in approach will be to incentivise TPIs to properly 
engage with their customers to make their offers clear and the access request 
proportionate to the service being provided - if they want ongoing data access they 
will have to make a clear case to the consumer in order to earn their consent rather 
than knowing they can always take it by default. 


Opt-in should always be the default setting for data services to ensure consumers 
retain control over, and understanding of the data-driven services they use. 


Question 6: Do you agree that all customers, including those 
without an online account, should be able to grant Third party 


access to their data? 

Yes, only allowing MiData services to those who have an online account risks 
excluding a significant portion of consumers. However we would again highlight the 
need for a robust consent-check mechanism to be in place. As previously noted 
past discussions on MiData concluded that encrypted security tokens represent a 
cost-effective and reliable way to achieve this. Once such a methodology is in place 
offline consumers should have easier access to TPIs via MiData. 


Question 7: Is there a minimum number and/or combination of 
data fields needed to safely verify a customer is legitimate and if 


so, which data fields would be appropriate for this function? 
Citizens Advice does not have the expertise to definitively answer this question but 
would advise that any data fields would have to go beyond the information that 
could be found on a single piece of correspondence from an energy supplier, for 
example a consumer's account number, postcode and name would all be visible on 
a bill - in some cases without even opening it. 
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Question 8: Do you agree that the following data fields should be 
added to the API specification: meter type, Warm Home Discount 
Indicator, consumption data by time of use for those customers on 


Economy 7 or other time-of use tariff? 

We agree that these all represent reasonable additions but would note that there is 
also a need to future-proof these fields to some extent. For example if every home 
in Great Britain has a smart meter by 2020 there will no longer be any Economy 7 
meters on walls but rather smart meters operating in a far more wide range of 
Time of Use Modes, some of which may replicate current Economy 7 functionality. 
MiData should ensure that this future step-change in the detail and types of data 
are also factored in lest the programmes’ data streams become dated before they 
are rolled out in earnest. 


Question 9: Should additional data fields be introduced from the 
Start of the mandatory Midata implementation or phased in over 
time? If you think they should be phased in, how and when should 
this be done? 

As noted elsewhere in this response, and in the consultation document, most 
crucial will be ensuring that MiData is ready for a future Smart World - the ability to 


add new data fields will likely be a crucial part of this as new services emerge that 
are offered via the DCC as well as MiData. 


Question 10: Should Government follow a collaborative process 
with stakeholders if changes to the technical specification need to 


be made? 

Yes, work should also be undertaken to ensure that the right stakeholders are 
included. If working as desired the MiData programme should catalyse new 
entrants to this market offering innovative new services - it will be vital to ensure 
that their voices are heard in addition to established participants in the market. 


Question 11: Do you agree that existing data protection legislation 
is sufficient to deal with misuse of customers’ energy Midata? If 
not, please provide evidence and a proposal for how additional 


protections could work 

As the consultation document notes the existing data protection legislation is due 
to change in the near future. One concern is that as data markets become 
increasingly complex and involve a greater number of parties both known and 
unknown to the consumer it becomes increasingly difficult to establish 
responsibility and indeed liability where things go wrong. This is true of both 


breaches of data protection legislation and wider customer service issues where a 
service does not provide the expected service or customer care. 


As such there is a clear need for robust consent-check mechanisms to be put in 
place - this need was identified in previous work on the MiData programme and is 
all the more important now. Consumers are increasingly wary of how they data is 
used and how little control they feel they have over it and data protection law has 
not much to assuage these concerns as it is seen as distant and inaccessible to the 
average consumer’. Consumers should also have clear transparency and control 
over who is accessing their data, in what detail and for what purposes and be able 
to edit or amend this access as they see fit. Instituting such controls will increase 
consumer confidence with services and therefore their ability to benefit from them? 


Question 12: Do you agree that Ofgem is the most appropriate 
organisation to carry out monitoring and enforcement of 
fulfilment of Midata requests? If not, which organisation would be 


preferable and why? 

The logic of appointing Ofgem is sound but we do not currently know whether 
Ofgem has the in-house expertise or resource to effectively undertake this role and 
evaluate supplier decision making, particularly with regard to incidents where 
Suppliers “suspect” a TPI may be breaching data rules. As energy networks 
increasingly become data networks the barriers between sector-specific areas of 
regulation are swiftly being eroded and new approaches will be needed to ensure 
regulation keeps up with the increased pace of change. As such we would expect 
Ofgem to collaborate closely with the ICO and others. 


Question 13: Do you agree an enforcement regime overseen by 
Ofgem would be the most appropriate way to deal with breaches 
of Regulations requiring suppliers to provide customer data? If not, 
can you propose an alternative and say why this would be more 
appropriate. 

The Licence conditions are an effective tool for ensuring energy suppliers adhere to 
regulations, as such this is a sensible model. TPls will exist outside of this structure 


so other enforcement regimes will need to work in tandem with regulations 
requiring suppliers to provide consumer data. 
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Question 14: Do you think that quality assurance of Midata needs 


to be undertaken? If so, how would this be best achieved? 

The quality of MiData will depend on the quality of recording by energy suppliers. 
We know that in some areas this is currently not always optimal. While we are 
hopeful that data quality will improve over time it does seem reasonable to 
institute quality assurance of data - though clearly this is an exercise energy 
suppliers should be undertaking already to ensure they have accurate information 
about their customers. 


Question 15: Are there aspects of the wider Midata programme 
that we should take into account when developing Regulations in 
the energy sector to maximise the benefits of the wider 
programme for customers? 

We support ensuring that the adoption of MiData across regulated industries is 
consistent and that best practice is adopted and learned from. Factors that have 
obvious crossover include providing a tool for consumers to see who is accessing 
their data, in what detail and for what purposes and allowing consumers to amend 


this. Similarly a standard consent-check mechanism could be adopted across 
sectors. 


Question 16: Are you aware of any evidence available from other 
countries that have implemented similar proposals? If so, can you 


provide details on customer benefits? 

The most commonly referenced international equivalent to the MiData is the ‘Green 
Button’ initiative in the US - though we are not aware of any specific research 
evaluating its beneficial impact for consumers. 


Question 17: Do you agree that energy suppliers with fewer than 
50,000 customers for a given fuel should be exempt from this 
regulation? 

Given the reduced capacity of suppliers of this size this may be a reasonable 


approach, however smaller suppliers certainly should not be prevented from 
participating in the MiData programme if they wish to 


Question 18: In view of the work already undertaken and the 
recommendation of the CMA, are there any further issues to 
consider with regard to when these proposals should be 


implemented? 

As referenced already in this response we would strongly encourage the MiData 
programme to revisit its past findings around encrypted security tokens to confirm 
consumer consent to suppliers - having such a model in place, as well as platforms 


to allow consumers to easily see where their data are going will be crucial to 
enabling a wider take up of MiData 


Questions 19-30: 


As these questions relate to estimated costs to suppliers we have not provided a 
response 


Question 31: Finally, do you have any evidence and estimates of 
the benefits that might accrue to consumers from these 
proposals? 

The majority of current energy MiData TPI proposals hinge on enabling easier 
switching. The benefits of switching for consumers are well known and have been 
widely reported and quantified. We also note the potential for new services to 
emerge that make use of energy data, potentially in conjunction with other 
consumer data sets - the potential nature, and therefore benefits, of such services 
are currently unknown but should not be underestimated. It should also be noted 
that data-driven services generate both potential benefits and risks for consumers, 
this is the case even moreso where data sets are combined. An area which has 
already received some attention is the enthusiasm for insurance companies to 
access more detailed data about consumer choices and lifestyles - the products 
generated through such insights may well benefit some consumers but potentially 
disadvantage others as the ability to profile becomes more accurate and the 
pooling model of insurance is eroded. As such there will always be a role for 
government and regulators to ensure that benefits are available to all consumers 
and that consumers are able to retain control, transparency and a clear sense of 
who is responsible for what at all times. 


